CRC Press, Taylor & Francis Group, 6000 Broken Sound Parkway NW, Suite 300, Boca Raton, FL 33487-2742. © 2018 by Taylor & Francis Group, LLC. CRC Press is an imprint of Taylor & Francis Group, an Informa business. No claim to original U.S. Government works. Printed on acid-free paper. International Standard Book Number-13: 978-1-138-03512-6 (Hardback). This book contains information obtained from authentic and highly regarded sources. Reasonable efforts have been made to publish reliable data and information, but the authors and publisher cannot assume responsibility for the validity of all materials or the consequences of their use. The authors and publishers have attempted to trace the copyright holders of all material reproduced in this publication and apologize to copyright holders if permission to publish in this form has not been obtained. If any copyright material has not been acknowledged please write and let us know so we may rectify in any future reprint. Except as permitted under U.S. Copyright Law, no part of this book may be reprinted, reproduced, transmitted, or utilized in any form by any electronic, mechanical, or other means, now known or hereafter invented, including photocopying, microfilming, and recording, or in any information storage or retrieval system, without written permission from the publishers. For permission to photocopy or use material electronically from this work, please access www.copyright.com (http://www.copyright.com/) or contact the Copyright Clearance Center, Inc. (CCC), 222 Rosewood Drive, Danvers, MA 01923, 978-750-8400. CCC is a not-for-profit organization that provides licenses and registration for a variety of users. For organizations that have been granted a photocopy license by the CCC, a separate system of payment has been arranged.
Trademark Notice: Product or corporate names may be trademarks or registered trademarks, and are used only for identification and explanation without intent to infringe.
Library of Congress Cataloging-in-Publication Data
Names: Mahboob, Qamar, editor. | Zio, Enrico, editor.
Title: Handbook of RAMS in railway systems / edited by Qamar Mahboob, Enrico Zio.
Other titles: Handbook of reliability, availability, maintainability, and safety in railway systems
Description: Boca Raton : Taylor & Francis, CRC Press, 2018. | Includes bibliographical references and index.
Identifiers: LCCN 2017044301 | ISBN 9781138035126 (hardback) | ISBN 9781315269351 (ebook)
Subjects: LCSH: Railroads--Safety measures--Handbooks, manuals, etc. | Railroads--Security measures--Handbooks, manuals, etc. | Railroads--Equipment and supplies--Reliability--Handbooks, manuals, etc.
Classification: LCC TF610 .H36 2018 | DDC 625.10028/9--dc23
LC record available at https://lccn.loc.gov/2017044301
Visit the Taylor & Francis Web site at http://www.taylorandfrancis.com and the CRC Press Web site at http://www.crcpress.com
Thinking ahead to the smart railway systems of the future, for reliable and safe transportation.
Contents
Preface ........ xi
Editors ........ xv
Contributors ........ xvii

Section 1

1. Introduction to the Requirements of Railway RAM, Safety, and Related General Management ........ 3
   Qamar Mahboob, Enrico Zio, and Pierre Dersin
2. Basic Methods for RAM Analysis and Decision Making ........ 13
   Andreas Joanni, Qamar Mahboob, and Enrico Zio
3. Advanced Methods for RAM Analysis and Decision Making ........ 39
   Andreas Joanni, Qamar Mahboob, and Enrico Zio
4. Safety Integrity Concept ........ 63
   Holger Schult
5. SIL Apportionment and SIL Allocation ........ 69
   Hendrik Schäbe
6. Prognostics and Health Management in Railways ........ 79
   Pierre Dersin, Allegra Alessi, Olga Fink, Benjamin Lamoureux, and Mehdi Brahimi
7. Human Factors and Their Application in Railways ........ 99
   Birgit Milius
8. Individual Risk, Collective Risk, and F–N Curves for Railway Risk Acceptance ........ 119
   Jens Braband and Hendrik Schäbe
9. Practical Demonstrations of Reliability Growth in Railways ........ 139
   Hendrik Schäbe
10. Methods for RAM Demonstration in Railway Projects ........ 147
   Pierre Dersin and Cristian Maiorano
11. Guide for Preparing Comprehensive and Complete Case for Safety for Complex Railway Products and Projects ........ 167
   Ruben Zocco
12. Reliability Demonstration Tests: Decision Rules and Associated Risks ........ 185
   Pierre Dersin and Cristian Maiorano
13. Hazard Log: Structure and Management in Complex Projects ........ 199
   Rohan Sharma
14. Life Cycle Cost in Railway Asset Management with Example Applications ........ 213
   Simone Finkeldei and Thomas Grossenbacher
15. System Assurance for Railway Mechanical Signaling Products ........ 233
   Kyoumars Bahrami
16. Software Reliability in RAMS Management ........ 247
   Vidhyashree Nagaraju and Lance Fiondella
17. Applications of Formal Methods, Modeling, and Testing Strategies for Safe Software Development ........ 275
   Alessandro Fantechi, Alessio Ferrari, and Stefania Gnesi
18. Practical Statistics and Demonstrations of RAMS in Projects ........ 297
   Joerg Schuette
19. Proven in Use for Software: Assigning an SIL Based on Statistics ........ 337
   Jens Braband, Heinz Gall, and Hendrik Schäbe
20. Target Reliability for New and Existing Railway Civil Engineering Structures ........ 351
   Miroslav Sykora, Dimitris Diamantidis, Milan Holicky, and Karel Jung

Section 2

21. Methodology and Application of RAM Management along the Railway Rolling Stock Life Cycle ........ 379
   Olga Fink and Simone Finkeldei
22. IT Security Framework for Safe Railway Automation ........ 393
   Jens Braband
23. Reliability Modeling and Analysis of European Train Control System ........ 403
   Yiliu Liu and Lei Jiang
24. Designing for RAM in Railway Systems: An Application to the Railway Signaling Subsystem ........ 425
   Pierre Dersin, Alban Péronne, and René Valenzuela
25. Fuzzy Reasoning Approach and Fuzzy Analytical Hierarchy Process for Expert Judgment Capture and Process in Risk Analysis ........ 441
   Min An and Yao Chen
26. Independent Safety Assessment Process and Methodology ........ 475
   Peter Wigger
27. Application of the Interface and Functional Failure Mode Effects and Criticality Analysis (IFF-MECA) for RAM and Safety Assessment of Rail Electrification ........ 487
   Qamar Mahboob
28. RAMS as Integrated Part of the Engineering Process and the Application for Railway Rolling Stock ........ 503
   Georg Edlbacher and Simone Finkeldei
29. Safety and Security Assurance in Complex Technological Train Control System ........ 513
   Datian Zhou, Ali Hessami, and Xiaofei Yao
30. Application of Risk Analysis Methods for Railway Level Crossing Problems ........ 551
   Eric J. Schöne and Qamar Mahboob
31. Human Reliability and RAMS Management ........ 571
   Malcolm Terry Guy Harris
32. Generic Approval Process for Public Transport Systems ........ 587
   Peter Wigger
33. Importance of Safety Culture for RAMS Management ........ 599
   Malcolm Terry Guy Harris
34. Railway Security Policy and Administration in the United States: Reacting to the Terrorist Threat after September 11, 2001 ........ 617
   Jeremy F. Plant, Gary A. Gordon, and Richard R. Young
35. Introduction to IT Transformation of Safety and Risk Management Systems ........ 631
   Coen van Gulijk, Miguel Figueres-Esteban, Peter Hughes, and Andrei Loukianov
36. Formal Reliability Analysis of Railway Systems Using Theorem Proving Technique ........ 651
   Waqar Ahmad, Osman Hasan, and Sofiène Tahar
37. Roles and Responsibilities for New Built, Extension, or Modernization of a Public Transport System: A Walk through the Life Cycle ........ 669
   Peter Wigger
38. Holistic View on the Charm and Challenge of CENELEC Standards for Railway Signaling ........ 689
   Attilio Ciancabilla and Stephan Griebel

Appendix ........ 697
Index ........ 715
Preface

Modern railway systems are complex, integrate various technologies, and operate in an environment where the identification of exact system response and behaviors has limitations. Complexity in railway systems has significantly increased due to the use of modern technologies in relation to computers, microprocessors, communication, and information technologies, in combination with the historically developed electromechanical components. The resulting inter- and intradependencies and redundancies among technologies extend the boundaries of the railway network system. Unwanted and unknown system states may emerge due to unidentified behaviors, which cannot be predicted and, thus, eliminated. It then becomes a target for the designers, operators, maintainers, and approvers to consider the acceptable limits of system states. To do so, railway-related standards have been introduced in terms of reliability, availability, maintainability, and safety (RAMS). Modeling, assessment, and demonstration of RAMS require careful and combined handling of the following:
• Railway engineering
• System analysis
• Development and application of mathematical and statistical methods, techniques, and tools
• Compliance with international and local standards and laws and specific project requirements
• Financial and economic analysis and management
Today, a main objective for carrying out RAMS-related tasks is to obtain a safe, highly reliable and available, innovative and sustainable railway system. Within this, RAMS activities are also fundamental for increasing the lifetime of railway systems. Railway RAMS-related standards provide specifications and require the railway manufacturers and operators to implement a RAMS management system and demonstrate particular safety standards and RAM requirements.
The standards mainly provide general guidelines on different RAMS issues but do not provide details on how to proceed in real-world projects. Consequently, endless discussions, disagreements, and rework of RAMS activities are experienced in many real-world projects. This is partly due to the fact that there is a lack of purposeful understanding of the standards themselves and of the mathematical and statistical methods applicable for RAMS and their use. The topics in this handbook aim to improve the understanding and application of RAMS-related standards and the theory, methods, tools and techniques and related background. To this aim, dedicated efforts have been coordinated worldwide in writing this handbook. This is the first-ever comprehensive reference handbook that deals with the many unique RAMS issues involved in the difficult environment of an operating railway system. This is of concern given that the European Union and some other parts of the world have already mandated the use of RAMS in legislation. The implementation of the RAMS requirements then extends to system and equipment designers and manufacturers, who supply their products. The handbook provides detailed guidance for those involved in the integration of the highly complex and multitechnology systems that must seamlessly perform to guarantee a safe and reliable railway transport system. It can be used as guidance to get the RAMS tasks successfully accomplished, especially in complex railway projects. It focuses on the several topics of risk, safety, reliability, and maintenance in railway systems and provides state-of-the-art knowledge on the issues therein. The handbook includes 38 chapters authored by key senior experts from industry and renowned professors and researchers from academia. The handbook is divided into two major sections: Section 1 on basic concepts, prediction, and estimation techniques and the second section on RAMS in practice and special topics. Highlights of the topics covered under each section are presented in the following.

Highlights of the topics in the Handbook of RAMS in Railway Systems: Theory and Practice

Section 1
01. Introduction to RAMS requirements
02. Basic methods for RAM and decision making
03. Advanced methods for RAM and decision making
04. Safety integrity concept
05. SIL apportionment and SIL allocation
06. Prognostics and health management
07. Human factors and their applications in railway safety
08. Individual and collective risk and FN curves for risk acceptance
09. Practical demonstrations of reliability growth in railway projects
10. Methods for RAM demonstration in railway projects
11. A guide for preparing a comprehensive and complete case for safety for complex railway products and projects
12. Reliability demonstration tests: Decision rules and associated risks
13. The hazard log: Structure and management in complex projects
14. Life cycle cost (LCC) in railway RAMS management with example applications
15. System assurance for railway electromechanical products
16. Software reliability in RAMS management
17. Safety software development for railway applications
18. Practical statistics and demonstration of RAMS in projects
19. Proven in use for software: assigning a SIL based on statistics
20. Target reliability for new and existing railway engineering structures

Section 2
21. Methodology and application of RAMS management along the railway rolling stock life cycle
22. RAMS and security
23. Modeling and reliability analysis of the European Train Control System (ETCS)
24. Decision support systems for railway RAMS: An application from the railway signaling subsystem
25. Fuzzy reasoning approach and fuzzy hierarchy process for expert judgement capture and process in risk analysis
26. Independent safety assessment process and methodology: a practical walk through a typical public transport system/railway system or subsystem/product/project
27. IFF-MECA: Interface and functional failure mode effects and criticality analysis for railway RAM and safety assessment
28. RAMS as an integrated part of the engineering process and the application for railway rolling stock
29. Model-based HAZOP to identify hazards for a modern train control system
30. Application of risk analysis methods for railway level crossing problems
31. Human reliability and RAMS management
32. A standardized approval process for a public transport system/railway system or subsystem/product/project
33. Importance of safety culture for RAMS management
34. Railway security policy and administration in the USA: Reacting to the terrorist attack after Sep. 11, 2011
35. Introduction to IT transformation of safety and risk management systems
36. Formal reliability analysis of railway systems using theorem proving technique
37. Roles and responsibilities for new built, extension or modernization of a public transport system: a walk through the life cycle
38. A holistic view of the charm and challenges of CENELEC standards for railway signaling
The authors of the individual chapters have devoted considerable effort to include current and real-world applications, recent research findings, and future work in the area of RAMS for railway systems and to cite the most relevant and latest references in their chapters. Practical and insightful descriptions are presented in order to nourish RAMS practitioners of any level, from practicing and knowledgeable senior RAMS engineers and managers to beginning professionals and to researchers. Given the multidisciplinary breadth and the technical depth of the handbook, we believe that readers from different fields of engineering can find noteworthy reading in much greater detail than in other engineering risk and safety-related publications. Each chapter has been written in a pedagogical style, providing the background and fundamentals of the topic and, at the same time, describing practical issues and their solutions, giving real-world examples of application and concluding with a comprehensive discussion and outlook. The content of each chapter is based on established and accepted practices, publications in top-ranked journals, and conferences. The comprehensive contents and the involvement of a team of multidisciplinary experts writing on their areas of expertise give the editors confidence that this handbook is a high-quality reference handbook for students, researchers, railway network operators and maintainers, and railway safety regulators, plus the associated equipment designers and manufacturers worldwide. We believe that this handbook is suited to the needs of RAMS in railways.

This book contains information obtained from authentic and highly regarded sources. Reasonable efforts have been made to publish reliable data and information, but the authors, editors, and publisher cannot assume responsibility for the validity of all materials or the consequences of their use. The authors, editors, and publisher have attempted to trace the copyright holders of all material reproduced in this publication and apologize to copyright holders if permission to publish in this form has not been obtained. If any copyright material has not been acknowledged please write and let us know so we may rectify in any future reprint.

Dr. Engr. Qamar Mahboob
Erlangen, Germany, and Lahore, Pakistan

Prof. Dr. Enrico Zio
Milano, Italy, and Paris, France
Editors
Dr. Engr. Qamar Mahboob has more than 15 years of project experience and several scientific publications in the field of reliability, availability, maintainability, and safety (RAMS). Qualification: Degrees: PhD in railway risk, safety and decision support from Technische Universität Dresden (TU Dresden), Dresden, Germany; MSc in transportation systems from the Technical University of Munich (TU Munich), Munich, Germany; MS in total quality management from Punjab University, Lahore, Pakistan; BSc in mechanical engineering from the University of Engineering and Technology Lahore, Lahore, Pakistan; and B-Tech from the (GCT) Government College of Technology, Railway Road, Lahore, Pakistan. Experience: maintenance engineer for rolling stock for Pakistan railways; scientific researcher for engineering risk analysis group of TU Munich; scientific researcher of Railway Signalling and Transport Safety Technology of TU Dresden; RAMS consultant for CERSS.com; key senior expert for RAMS for Siemens AG, Germany; technical lead for HI-TEK Manufacturing Pvt. Ltd., Lahore; services manager for KKPower International Pvt. Ltd., Lahore; and director and CTO (Core Technology Officer), SEATS (Science, Engineering and Technology for Systems), Lahore. Prof. Dr. Enrico Zio (M’06–SM’09) received his MSc degree in nuclear engineering from Politecnico di Milano in 1991 and in mechanical engineering from the University of California, Los Angeles, in 1995, and his PhD degree in nuclear engineering from Politecnico di Milano and the Massachusetts Institute of Technology (MIT) in 1996 and 1998, respectively. 
He is currently the director of the chair on systems science and the energetic challenge of the Foundation Electricite’ de France at CentraleSupélec, Paris, France; full professor and president of the Alumni Association at Politecnico di Milano; adjunct professor at University of Stavanger, Norway, City University of Hong Kong, Beihang University, and Wuhan University, China; codirector of the Center for REliability and Safety of Critical Infrastructures, China; visiting professor at MIT, Cambridge, Massachusetts; and distinguished guest professor of Tsinghua University, Beijing, China. His research focuses on the modeling of the failure– repair–maintenance behavior of components and complex systems, for the analysis of their reliability, maintainability, prognostics, safety, vulnerability, resilience, and security characteristics and on the development and use of Monte Carlo simulation methods, soft computing techniques and optimization heuristics. He is the author or coauthor of seven international books and more than 300 papers on international journals.
Contributors
Waqar Ahmad, School of Electrical Engineering and Computer Sciences, National University of Sciences and Technology, Islamabad, Pakistan
Allegra Alessi, Alstom, Saint-Ouen, France
Min An, University of Salford, Greater Manchester, United Kingdom
Kyoumars Bahrami, Siemens Mobility (Rail Automation), Melbourne, Australia
Jens Braband, Siemens AG, Braunschweig, Germany
Mehdi Brahimi, Alstom, Saint-Ouen, France
Yao Chen, Siemens AG, Munich, Germany
Attilio Ciancabilla, Rete Ferroviaria Italiana, Bologna, Italy
Pierre Dersin, Alstom, Saint-Ouen, France
Dimitris Diamantidis, Ostbayerische Technische Hochschule Regensburg, Regensburg, Germany
Georg Edlbacher, Bombardier Transportation, Zürich, Switzerland
Alessandro Fantechi, University of Florence, Florence, Italy
Alessio Ferrari, Istituto di Scienza e Tecnologie dell'Informazione, Pisa, Italy
Miguel Figueres-Esteban, University of Huddersfield, Huddersfield, United Kingdom
Olga Fink, Zürcher Hochschule für angewandte Wissenschaften, Winterthur, Switzerland
Simone Finkeldei, Schweizerische Bundesbahnen SBB, Bern, Switzerland
Lance Fiondella, University of Massachusetts Dartmouth, North Dartmouth, Massachusetts
Heinz Gall, TÜV Rheinland, Cologne, Germany
Stefania Gnesi, Istituto di Scienza e Tecnologie dell'Informazione, Pisa, Italy
Gary A. Gordon, Massachusetts Maritime Academy, Buzzards Bay, Massachusetts
Stephan Griebel, Siemens AG, Braunschweig, Germany
Thomas Grossenbacher, Schweizerische Bundesbahnen SBB, Bern, Switzerland
Coen van Gulijk, University of Huddersfield, Huddersfield, United Kingdom
Malcolm Terry Guy Harris, Topfield Consultancy Limited, London, United Kingdom
Osman Hasan, School of Electrical Engineering and Computer Sciences, National University of Sciences and Technology, Islamabad, Pakistan
Ali Hessami, Vega Systems, London, United Kingdom
Milan Holicky, Czech Technical University in Prague, Prague, Czech Republic
Peter Hughes, University of Huddersfield, Huddersfield, United Kingdom
Lei Jiang, Southwest Jiaotong University, Chengdu, China
Andreas Joanni, Siemens AG, Munich, Germany
Karel Jung, Czech Technical University in Prague, Prague, Czech Republic
Benjamin Lamoureux, Alstom, Saint-Ouen, France
Yiliu Liu, Norwegian University of Science and Technology, Trondheim, Norway
Andrei Loukianov, University of Huddersfield, Huddersfield, United Kingdom
Cristian Maiorano, Ansaldo STS, Genoa, Italy
Birgit Milius, Technische Universität Braunschweig, Braunschweig, Germany
Vidhyashree Nagaraju, University of Massachusetts Dartmouth, North Dartmouth, Massachusetts
Alban Péronne, Alstom, Saint-Ouen, France
Jeremy F. Plant, Pennsylvania State University, Harrisburg, Pennsylvania
Hendrik Schäbe, TÜV Rheinland, Cologne, Germany
Eric J. Schöne, Traffic Sciences Department, Dresden Technical University, Dresden, Germany
Joerg Schuette, Technische Universität Dresden, Dresden, Germany
Holger Schult, Siemens AG, Erlangen, Germany
Rohan Sharma, TÜV Rheinland, Cologne, Germany
Miroslav Sykora, Czech Technical University in Prague, Prague, Czech Republic
Sofiène Tahar, Department of Electrical and Computer Engineering, Concordia University, Montreal, Canada
René Valenzuela, Alstom, Saint-Ouen, France
Peter Wigger, TÜV Rheinland, Cologne, Germany
Xiaofei Yao, Casco Signal, Shanghai, China
Richard R. Young, Pennsylvania State University, Harrisburg, Pennsylvania
Datian Zhou, Centrale Supélec, Laboratoire Génie Industriel, Paris, France, and Beijing Jiaotong University, Beijing, China
Ruben Zocco, TÜV Rheinland, Dubai, United Arab Emirates
Section 1
1 Introduction to the Requirements of Railway RAM, Safety, and Related General Management
Qamar Mahboob, Enrico Zio, and Pierre Dersin

CONTENTS
1.1 Introduction and Background ........ 3
1.2 RAMS Management Requirements ........ 5
1.3 Life Cycle-Based RAM, Safety, and General Management Tasks ........ 7
1.4 Summary ........ 11
References ........ 11
1.1 Introduction and Background
Railway-related standards introduce terms used in reliability, availability, maintainability, and safety (also called RAMS) and require railway suppliers, operators, maintainers, and duty holders to implement a comprehensive RAMS management system (EN 50126 [CEN 2003], EN 50129 [CEN 2003], IEC 61508 [IEC 2000], IEC-DTR-62248-4 [IEC 2004], IEC 62267-2 [IEC 2011], and IEC 62278-3 [IEC 2010]). This chapter explains the general requirements toward railway RAMS management throughout the life cycle of a technology or system for railway application. The topics of RAMS management and its process are covered in this chapter in such a way that a reliable, safe, cost-optimal, and improved quality of railway systems may be achieved. To achieve all these, a life cycle approach needs to be adopted. The life cycle applicable to the RAMS management is shown in Figure 1.1 and is adopted from EN 50126. This life cycle approach provides basic concepts and structure for planning, managing, implementing, controlling, and monitoring of all aspects of a railway project, incorporating RAMS as well, as the project proceeds through the life cycle phases. The general RAMS management process consists of three major areas shown in Figure 1.1. This life cycle and these three major areas are applicable to any railway product or subsystem under consideration regardless of its level or position within the complete railway system. In other words, each considered subsystem level can be combined and integrated into the superior system until the top level of the complete railway system has been obtained. The life cycle process can be simplified depending on the applicable project phases. For example, in railway projects, suppliers usually commit to the demonstration of RAMS performance-related targets until the "trial run and system acceptance" phase.
Handbook of RAMS in Railway Systems
FIGURE 1.1
System life cycle applicable for RAMS management process. (Based on CEN, EN 50126. Railway Applications— The Specification and Demonstration of Reliability, Availability, Maintainability and Safety (RAMS), CEN, Brussels, 2003.)
[Figure 1.1 (diagram not reproduced) shows the twelve life cycle phases: 1 Concept; 2 System definition and operational conditions; 3 Risk analysis and evaluation; 4 Specification of system requirements; 5 Architecture and apportionment of system requirements; 6 Design and implementation; 7 Manufacture; 8 Installation and integration; 9 System validation (including safety acceptance and commissioning); 10 Trial run and system acceptance; 11 Operation, maintenance, and performance monitoring; 12 Decommissioning and disposal; plus a “Modification and retrofit” loop that reapplies the life cycle. The phases are grouped into three areas: risk assessment; demonstration of compliance with requirements; and operation, maintenance, and decommissioning.]
Introduction to the Requirements of Railway RAM
It is important to mention that warranty periods are also defined within the life cycle phases of a project, and the warranty demonstration period may overlap with more than one phase of the life cycle. According to railway-related RAMS standards, safety is “freedom from unacceptable risks, danger and injury from a technical failure in railways.” The focus of the RAMS management process is either to identify and then reduce the safety-relevant failures or to eliminate the consequences of the failures throughout the life cycle. The objective is always to minimize the residual risk from the safety-related failures (Birolini 2014; Rausand and Hoyland 2004). The risk assessment process, defined in applicable standards such as EN 50129 (CEN 2003), should be performed in order to identify the degree of safety required for each particular situation. The tolerability of the safety risk of a railway system depends on the safety criteria set by the legal authorities or by the railway duty holder in accordance with the rules given by the legal authorities (HSE 2001). After a concept for a project has been set up, the life cycle process consists of three major steps:
• Risk assessment, which includes risk analysis and risk evaluation on the basis of the system definition, including the specification of system requirements
• Demonstration (by theoretical and practical means) that the system fulfils the specified requirements
• Operation, maintenance, and decommissioning
In addition to the process flow within the life cycle phases, starting from “Concept” and ending at “Decommissioning and disposal,” the process involves a so-called feedback loop. The risk needs to be reevaluated whenever additional information on safety risk is obtained during the related phases of the project. Consequently, some phases of the life cycle have to be reevaluated from the risk point of view. The logical flow of information and associated decisions in the project phases is more important than the time-based flow of the phases. The risk assessment must also be confirmed at the end of the life cycle. Here the aim is to have a complete visualization of the risk picture at the end of the lifetime of a technology/system, in order to confirm whether the “risk expectations” were met during the whole lifetime. 
This reassessment, at the end of the lifetime, will help in updating/improving risk-based decisions in the future (in reference to a particular system/subsystem), based on the lifetime considerations. RAMS tasks contribute to the general project tasks for each phase, and requirements for RAMS tasks are detailed in the succeeding sections of this chapter. The process flow in Figure 1.1 shows life cycle-related RAMS tasks as components of general project tasks. The next sections will explain the phases and RAMS requirements in each phase of the project, considering EN 50126. For the applications of the RAMS, we refer the reader to Mahboob (2014) and references therein.
1.2 RAMS Management Requirements
A V representation of the life cycle, also provided in EN 50126 and other Comité Européen de Normalisation Électrotechnique (CENELEC) standards, is widely used in RAMS management; see Figure 1.2. The top–down branch on the left side of the V-shaped diagram is generally called the development branch; it begins with the concept and ends with the manufacturing of the subsystem components of the system. The bottom–up branch on the right side covers the installation or assembly, the system handover, and then the operation of the whole railway system.
FIGURE 1.2
V representation of system life cycle. (From DIN [Deutsches Institut für Normung] and VDE [Verband der Elektrotechnik, Elektronik und Informationstechnik], DIN EN 50126 (VDE 0115-103), edition 2000-03. Bahnanwendungen—Spezifikation und Nachweis von Zuverlässigkeit, Verfügbarkeit, Instandhaltbarkeit und Sicherheit (RAMS)—Teil 1: Generischer RAMS Prozess; Deutsche Fassung prEN 50126-1:2015), Beuth Verlag and VDE Verlag, Berlin, 2003. With permission No. 12.017 of DIN and VDE, conveyed by VDE.*)
[Figure 1.2 (diagram not reproduced) arranges the phases in a V. Left, descending (development) branch: 1 Concept; 2 System definition and operational context; 3 Risk analysis and evaluation; 4 Specification of system requirements; 5 Architecture and apportionment of system requirements; 6 Design and implementation; 7 Manufacture. Right, ascending branch: 8 Integration; 9 System validation; 10 System acceptance; 11 Operation, maintenance, and performance monitoring; 12 Decommissioning.]
The roles and responsibilities, as well as the general activities throughout the applicable life cycle (e.g., at the level of system considerations), will be described in another chapter of this handbook. The life cycle phases in the V diagram are briefly explained in the following and are in line with the prevailing EN 50126.1
1. Concept: Contracts are signed, agreements are made, and transmittals of the project are drawn up.
2. System definition and operational context: System characteristics and functions are described; interfaces and requirements are clarified; system inputs and outputs are recorded; intended operational conditions, maintenance, and environment are stated; and the RAMS performance-related parameters of the attached subsystems and components are derived. The RAMS management (e.g., using a RAMS plan) and organization are established.
3. Risk assessment: Risk assessment includes risk analysis and risk evaluation. It involves steps such as hazard identification, identification of events leading to hazards, and determination of the risks associated with the hazards (which requires consequence analysis). A process for ongoing risk management should be established and then followed to decide whether a risk is tolerable; this requires risk acceptance criteria to be in place. Risk analysis is a continuous and iterative step and runs in parallel with the subsequent phases. The risk acceptance criteria may lead to the definition of further safety system requirements in order to reduce the risk to an acceptable level. Based on the risk assessment, system requirements can be derived.
4. Specification of system requirements: Detailing the initial system requirements (expected functions, including their RAMS requirements) and those derived from the risk assessment in phase 3, as well as defining criteria for acceptance and specifying the overall demonstration of compliance.
5. Architecture and apportionment of system requirements: Definition and allocation of RAMS requirements to subsystems. This phase may form part of the demonstration of compliance, which can be achieved in theoretical ways such as design simulations and software-based demonstrations. Subsystem and component requirements can be allocated directly if they are already available at this point, or apportioned by deriving them from the system-level requirements.
6. Design and implementation: During this phase, subsystems and components are developed according to the RAMS requirements. Furthermore, plans for future life cycle tasks have to be established.
7. Manufacture: The components (and subsystems) of the railway system are manufactured, and RAMS-specific assurance plans have to be established and applied in the later project phases.
8. Integration: All subsystems are assembled and installed to form the complete railway system in order to achieve the system-level mission.
9. System validation: It must be validated that the system and associated processes fully comply with the RAMS requirements and that the external risk reduction measures are considered.
10. System acceptance: This refers to the demonstration of compliance of the complete railway system with the overall contractual RAMS requirements and provides evidence that the system is now acceptable for entry into service.
11. Operation, maintenance, and performance monitoring: The product is operated, maintained, and supported through performance monitoring so that compliance with the system RAMS requirements is maintained.
12. Decommissioning: In case of decommissioning, the system risk is controlled during the transition phase.
* It should be noted that the latest edition should always be used. This can be obtained from Beuth Verlag, Berlin, Germany (http://www.beuth.de) and from VDE Verlag, Berlin, Germany (http://www.vde-verlag.de). The English edition, named BS EN 50126, can be obtained from the British Standards Institution, London (http://www.bsigroup.com).
1.3 Life Cycle-Based RAM, Safety, and General Management Tasks
Table 1.1, which is based on EN 50126:2003, provides a summary of the main RAM, safety, and general project-related tasks in different phases of the project life cycle.
TABLE 1.1
Summary of the Project Phase-Related Requirements, Management, and Processes
Life Cycle Phase 1. Concept
RAM Tasks: • Consider previously achieved RAM performance of similar projects • Consider and define RAM implications of new project • Review RAM targets
Safety Tasks: • Consider previously achieved safety performance of similar project and application conditions • Consider and define safety implications of new project • Safety policy and safety targets are reviewed
General Tasks: • Establish and define the scope and purpose of project • Define project concept • Carry out financial analysis and feasibility studies • Set up management
Life Cycle Phase 2. System definition and application conditions
RAM Tasks: • Perform preliminary RAM analysis, based on historical data of RAM • Define RAM policy • Identify life cycle-based operation and maintenance conditions • Identification of the influences on RAM of existing interfaces of infrastructure and other constraints
Safety Tasks: • Perform preliminary hazard analysis, based on the historical data of safety • Create safety plan • Define risk acceptance criteria • Identification of the influences on safety of existing interfaces of infrastructure and further constraints
General Tasks: • Define system mission profile • Prepare system-level technical description • Identify operation and maintenance strategies • Identify operating and maintenance conditions • Identify influence of existing interfaces of infrastructure and local constraints
Life Cycle Phase 3. Risk analysis
RAM Tasks: • Not relevant
Safety Tasks: • Perform systematic hazard analysis and safety risk analysis on system level • Set up central hazard log • Make complete risk assessment (= risk analysis + risk evaluation)
General Tasks: • Project-level risk analysis (may have to be repeated at several stages)
Life Cycle Phase 4. System requirements
RAM Tasks: • Specify system RAM requirements • Define RAM acceptance criteria • Define system functional concept and structure • Establish RAM program on system level • Establish RAM management on system level
Safety Tasks: • Specify system safety requirements • Define safety acceptance criteria • Define safety-related functional concept and requirements • Establish safety management on system level
General Tasks: • Requirements analysis • System specific • Specify local environment • Define system assurance, demonstration, and acceptance criteria • Establish verification and validation plan • Establish management, quality, integration, and organization requirements • Introduce and implement change control procedure
Life Cycle Phase 5. Apportionment of system requirements
RAM Tasks: • Apportionment of system RAM requirements to the specific subsystem and component RAM requirements • Define subsystem and components RAM acceptance criteria
Safety Tasks: • Apportionment of system safety targets and requirements for specific subsystems and components • Define subsystem and components safety acceptance criteria • Update system safety plan, if necessary
General Tasks: • Apportionment of system requirements • Define subsystem and components requirements and acceptance criteria
Life Cycle Phase 6. Design and implementation
RAM Tasks: • Implement RAM program by review, analysis, testing, and data assessment; reliability, availability, maintainability and maintenance analysis; and logistic support analysis • Control programs: RAM program management, control of suppliers and contractors
Safety Tasks: • Implement safety plan by review, analysis, testing, and data assessment. It includes: • Hazard log • Hazard analysis and risk assessment • Undertake program control for safety management and supplier control • Preparation of generic safety case • Preparation of generic application safety case, if required
General Tasks: • Planning • Design and development • Design analysis and testing • Design certification • Implementation and validation • Design of logistic support resources
Life Cycle Phase 7. Manufacturing
RAM Tasks: • Requires environmental stress screening • Requires RAM improvement testing • Initiate failure reporting and corrective action system (FRACAS) • Start trainings for the maintenance people from a maintainer • Establish spare parts and tool provision-related (inventory) lists
Safety Tasks: • Implement safety plan (by following review, analysis, testing, and data assessment) • Use and update hazard log
General Tasks: • Production planning • Manufacture • Manufacture and test subassembly of components • Documentation management • Design associated trainings
Life Cycle Phase 8. Installation
RAM Tasks: • Establish installation program • Implement installation program
General Tasks: • Subsystem assembly and system-level integration • Multiple subsystem installations
Life Cycle Phase 9. System validation
RAM Tasks: • RAM demonstration (and evaluation in reference to the penalty criteria, e.g., trip losses during operation times)
Safety Tasks: • Establish and then commission program • Preparation of application-specific safety case begins
General Tasks: • System-level